Cisco ASA to Fortigate VPN (Properly!)
Dec14

KB ID 0001721 Problem A while ago I did a run through on site to site VPNs from Cisco ASA to Fortigate firewalls. Back then I said that the default settings were a bit ‘shoddy’ and that I’d revisit it once I had more time. What do you mean shoddy? Well, Cisco and Fortinet are both guilty of enabling ‘Everything’ to make the tunnel come up, so people can just use a wizard and not put too much thought into...

Cisco ASA: Received a DELETE PFKey message from IKE
Dec11

KB ID 0001720 Problem I was debugging a VPN tunnel today. (From a Fortigate to a Cisco ASAv). I was messing around with the encryption and hashing, when the tunnel fell over. Phase 1 was establishing fine but not Phase 2 (IPSEC). I’ve got better skills on the ASA, so that’s where I was debugging; IPSEC: Received a PFKey message from IKE IPSEC: Parsing PFKey GETSPI message IPSEC: Creating IPsec SA IPSEC: Getting the...

AnyConnect Error: Unable To Verify IP Forwarding Table Modifications
Dec08

KB ID 0001646 Problem While attempting to connect to a client's AnyConnect, this happened; The VPN client was unable to successfully verify the IP forwarding table modifications. A VPN connection will not be established. Or on older clients, you may see; The VPN client was unable to modify the IP forwarding table. A VPN connection will not be established. Please restart your computer or device, then try again. Solution I was trying to...

Fortigate to Cisco ASA Site to Site VPN
Nov24

KB ID 0001717 Problem Continuing with my ‘Learn some Fortigate’ theme. One of the basic requirements of any edge firewall is site to site VPN. As the bulk of my knowledge is Cisco ASA it seems sensible for me to work out how to VPN both those firewalls together, like so; Well that’s the pretty picture, I’m building this in EVE-NG so here’s what my workbench topology looks like; Disclaimer (Read First!...

Which Firepower To Replace Your ASA 5500-X?
Oct01

KB ID 0001705 Problem Well (at time of writing) only the ASA5516-X remains on sale (officially.) You may be able to get stock of the remainder of the ASA5500-X series as people clear their shelves, or they may be available as ‘refurb’ stock but they are disappearing. So you would think that the replacements would be better documented? Well it’s sketchy at best, and when you look at the data sheets for the new FPR...

macOS – SSH Error ‘No Matching Exchange Method Found’
Sep13

KB ID 0001245 Problem Note Certified working all the way up to macOS Big Sur version 11.0.1 I thought my RoyalTSX had broken today, I upgraded it a couple of weeks ago, and I upgraded to macOS Catalina 10.15 the other day. After this, all my SSH sessions refused to connect with this error; Unable to negotiate with x.x.x.x port 22: no matching key exchange found. Their offer diffie-hellman-group1-sha1 Note: You may also see the...
